TechhDan · January 30, 2024 01:46
diff --git a/memscan.cpp b/memscan.cpp
 #include <iostream>
 #include <Windows.h>
 #include <vector>

 bool ReadMemory(HANDLE hProcess, DWORD64 address, int& value) {
    SIZE_T bytesRead;
    return ReadProcessMemory(hProcess, (LPCVOID)address, &value, sizeof(value), &bytesRead) && bytesRead == sizeof(value);
 }

 void InitialScan(HANDLE hProcess, const int targetValue, std::vector<DWORD64>& foundAddresses, const SYSTEM_INFO& si) {
    MEMORY_BASIC_INFORMATION info;
    std::vector<BYTE> buffer;
    DWORD64 address = 0;

    while (address < (DWORD64)si.lpMaximumApplicationAddress) {
        if (VirtualQueryEx(hProcess, (LPCVOID)address, &info, sizeof(info)) == sizeof(info)) {
            if (info.State == MEM_COMMIT && (info.Protect == PAGE_READWRITE || info.Protect == PAGE_READONLY)) {
                buffer.resize(info.RegionSize);
                SIZE_T bytesRead;
                if (ReadProcessMemory(hProcess, (LPCVOID)address, buffer.data(), info.RegionSize, &bytesRead)) {
                    for (SIZE_T i = 0; i < bytesRead - sizeof(targetValue); ++i) {
                        if (*reinterpret_cast<int*>(&buffer[i]) == targetValue) {
                            foundAddresses.push_back(address + i);
                            std::cout << "Found target value at address: " << std::hex << (address + i) << std::endl;
                        }
                    }
                }
            }
        }
        address += info.RegionSize;
    }
 }

 void RescanForNewValue(HANDLE hProcess, const int newValue, std::vector<DWORD64>& foundAddresses) {
    std::cout << "Scanning for updated value..." << std::endl;
    std::vector<DWORD64> updatedAddresses;
    for (DWORD64 addr : foundAddresses) {
        int readValue;
        if (ReadMemory(hProcess, addr, readValue) && readValue == newValue) {
            updatedAddresses.push_back(addr);
            std::cout << "Updated value found at address: " << std::hex << addr << std::endl;
        }
    }
    foundAddresses = updatedAddresses; // Update the list with only those addresses that contain the new value
 }

 int main() {
    DWORD pid = 29000; // Replace with your process ID
    HANDLE hProcess = OpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, FALSE, pid);
    if (hProcess == NULL) {
        std::cerr << "Failed to open process with PID " << pid << ". Error Code: " << GetLastError() << std::endl;
        return 1;
    }

    SYSTEM_INFO si;
    GetSystemInfo(&si);

    int targetValue;
    std::cout << "Enter initial target value: ";
    std::cin >> targetValue;

    std::vector<DWORD64> foundAddresses;
    InitialScan(hProcess, targetValue, foundAddresses, si);

    while (true) {
        std::cout << "Enter new value to search (or -1 to exit): ";
        int newValue;
        std::cin >> newValue;
        if (newValue == -1) break;

        RescanForNewValue(hProcess, newValue, foundAddresses);
    }


    CloseHandle(hProcess);
    return 0;
 }
	#include <iostream>
	#include <Windows.h>
	#include <vector>

	bool ReadMemory(HANDLE hProcess, DWORD64 address, int& value) {
	SIZE_T bytesRead;
	return ReadProcessMemory(hProcess, (LPCVOID)address, &value, sizeof(value), &bytesRead) && bytesRead == sizeof(value);
	}

	void InitialScan(HANDLE hProcess, const int targetValue, std::vector<DWORD64>& foundAddresses, const SYSTEM_INFO& si) {
	MEMORY_BASIC_INFORMATION info;
	std::vector<BYTE> buffer;
	DWORD64 address = 0;

	while (address < (DWORD64)si.lpMaximumApplicationAddress) {
	if (VirtualQueryEx(hProcess, (LPCVOID)address, &info, sizeof(info)) == sizeof(info)) {
	if (info.State == MEM_COMMIT && (info.Protect == PAGE_READWRITE \|\| info.Protect == PAGE_READONLY)) {
	buffer.resize(info.RegionSize);
	SIZE_T bytesRead;
	if (ReadProcessMemory(hProcess, (LPCVOID)address, buffer.data(), info.RegionSize, &bytesRead)) {
	for (SIZE_T i = 0; i < bytesRead - sizeof(targetValue); ++i) {
	if (reinterpret_cast<int>(&buffer[i]) == targetValue) {
	foundAddresses.push_back(address + i);
	std::cout << "Found target value at address: " << std::hex << (address + i) << std::endl;
	}
	}
	}
	}
	}
	address += info.RegionSize;
	}
	}

	void RescanForNewValue(HANDLE hProcess, const int newValue, std::vector<DWORD64>& foundAddresses) {
	std::cout << "Scanning for updated value..." << std::endl;
	std::vector<DWORD64> updatedAddresses;
	for (DWORD64 addr : foundAddresses) {
	int readValue;
	if (ReadMemory(hProcess, addr, readValue) && readValue == newValue) {
	updatedAddresses.push_back(addr);
	std::cout << "Updated value found at address: " << std::hex << addr << std::endl;
	}
	}
	foundAddresses = updatedAddresses; // Update the list with only those addresses that contain the new value
	}

	int main() {
	DWORD pid = 29000; // Replace with your process ID
	HANDLE hProcess = OpenProcess(PROCESS_VM_READ \| PROCESS_QUERY_INFORMATION, FALSE, pid);
	if (hProcess == NULL) {
	std::cerr << "Failed to open process with PID " << pid << ". Error Code: " << GetLastError() << std::endl;
	return 1;
	}

	SYSTEM_INFO si;
	GetSystemInfo(&si);

	int targetValue;
	std::cout << "Enter initial target value: ";
	std::cin >> targetValue;

	std::vector<DWORD64> foundAddresses;
	InitialScan(hProcess, targetValue, foundAddresses, si);

	while (true) {
	std::cout << "Enter new value to search (or -1 to exit): ";
	int newValue;
	std::cin >> newValue;
	if (newValue == -1) break;

	RescanForNewValue(hProcess, newValue, foundAddresses);
	}


	CloseHandle(hProcess);
	return 0;
	}